package com.xwt.web.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import com.xwt.web.filter.JwtAuthenticationTokenFilter;
import com.xwt.web.filter.JwtSuccessTokenFilter;
import com.xwt.web.filter.MyFailureHandler;
import com.xwt.web.filter.MySuccessHandler;
import com.xwt.web.service.SecurityUserDetailService;

/**
 * spring security 配置注释类 {@link EnableGlobalMethodSecurity} Spring
 * Security默认是禁用注解的，要想开启注解，
 * 需要在继承WebSecurityConfigurerAdapter的类上加@EnableGlobalMethodSecurity注解，
 * 并在该类中将AuthenticationManager定义为Bean。
 * 
 * @author Administrator
 *
 */

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Autowired
	private SecurityUserDetailService securityUserDetailService;
	@Autowired
	private MySuccessHandler mySuccessHandler;
	@Autowired
	private MyFailureHandler myFailureHandler;
	@Autowired
	private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
	@Autowired
	private JwtSuccessTokenFilter jwtSuccessTokenFilter;

	/**
	 * 需要放行的URL
	 */
	private static final String[] AUTH_WHITELIST = {
			// -- register url
			"/auth/**",
			// -- swagger ui
			"/v2/api-docs", "/swagger-resources", "/swagger-resources/**", "/configuration/ui",
			"/configuration/security", "/swagger-ui.html", "/webjars/**" };

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.csrf().disable()
		.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
        .authorizeRequests()
        .antMatchers(AUTH_WHITELIST).permitAll()
        .anyRequest().authenticated()  // 所有请求需要身份认证
        .and()
        .logout() 
        .logoutUrl("/logout")
        .permitAll()
        .and()
        .formLogin()
        .loginPage("/login")
        .successHandler(mySuccessHandler)
        .failureHandler(myFailureHandler)
        .permitAll();// 
		
		http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
		http.addFilterAfter(jwtSuccessTokenFilter, UsernamePasswordAuthenticationFilter.class);
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		auth.userDetailsService(securityUserDetailService).passwordEncoder(new BCryptPasswordEncoder());
	}

}
